Given a user exists with email "bobby@example.com" and name "Bobby Tables"
And an admin with email "admin@example.com"
When I sign in as "admin@example.com"
Then I should see "Bobby Tables"
When I follow "Masquerade" within the "bobby@example.com" row
Then I should see "Now masquerading as Bobby Tables"
And I should see "Hi Bobby" within the navigation
When I follow "Stop Masquerading"
Then I should be on the admin page

The context is that I’m an admin. A user is on the phone with me right now
with support questions. I quickly find their account and see the app through
their eyes.

We define a masquerading? method in a controller, then expose it as a helper
method to the views. That lets us alter the authorize_admin method that is used
as a before_filter:

In application_controller.rb:

def authorize_admin
  current_user.admin? || masquerading?
end

That way, the MasqueradesController stays protected, even when you’re signed
in as a non-admin user during a masquerade.
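
The following is an added example, not code from the original post: a plain-Ruby model of how the session can be wired so that authorize_admin keeps passing during a masquerade and each start and stop is recorded. The class name, the exception, the session keys :user_id and :admin_id, and the audit log are assumptions.

```ruby
# Plain-Ruby model of the masquerade flow; runs without Rails. Assumed names
# (not from the post): MasqueradeSession, NotAuthorized, :user_id, :admin_id.
User = Struct.new(:id, :name, :admin) { def admin?; admin; end }
class NotAuthorized < StandardError; end

class MasqueradeSession
  attr_reader :audit_log

  def initialize(users)
    @users = users      # id => User, stands in for the users table
    @session = {}       # stands in for the server-side session
    @audit_log = []     # who acted as whom, for later review
  end

  def sign_in(user)
    @session.clear
    @session[:user_id] = user.id
  end

  def current_user
    @users[@session[:user_id]]
  end

  # True only while a real admin's id is parked in the session.
  def masquerading?
    admin = @users[@session[:admin_id]]
    !admin.nil? && admin.admin?
  end

  # Same rule as authorize_admin in the post, raising on failure.
  def authorize_admin!
    raise NotAuthorized unless current_user&.admin? || masquerading?
  end

  def start_masquerade(target_id)
    authorize_admin!
    raise NotAuthorized if masquerading?   # no nested masquerades
    target = @users.fetch(target_id)       # KeyError for unknown ids
    @session.update(admin_id: current_user.id, user_id: target.id)
    @audit_log << [:start, @session[:admin_id], target.id]
  end

  def stop_masquerade
    raise NotAuthorized unless masquerading?
    @audit_log << [:stop, @session[:admin_id], @session[:user_id]]
    @session[:user_id] = @session.delete(:admin_id)  # back to the admin
  end
end
```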

We aren’t using this technique on our own products right now. One concern is
that on many apps, the customer’s view could reveal sensitive data. Airbrake,
for example, would require at minimum asking the person “may I act as your
account?”

However, I like the idea of providing better support by viewing the app as our
customers do.
